
Session Management Vulnerabilities
Session Handling
• Sessions are used to keep state
• Incorrect handling of sessions allows attackers to reuse sessions to impersonate users
• Timeout
– Idle sessions need to be removed from the system based on a timeout
– If no timeouts are set, attackers can reuse sessions that should have been invalidated
• Tokens based on user information
– If tokens are generated from information such as username or email, attackers can reverse them
Possible Attacks
• Session Sniffing
– Passively intercepting a session's data while it is being transmitted
HTTP Packet Sniffing
Vulnerabilities
– Not using HTTPS on web sites
– Secure flag is not set on the session cookie
– Application allowing HTTP requests for pages under HTTPS
– Application using HTTP before authentication

Log Sniffing
Vulnerabilities
– Transmitting the token as a URL parameter
– Token is transmitted in a hidden field, but the server also accepts GET requests
Possible Attacks
• Cache Sniffing
Attacker accesses the browser or proxy cache
Vulnerabilities
– Directives (Expires: 0 and Cache-Control: max-age=0 or Cache-Control: no-cache) are not in the HTTP response header
– The directive Cache-Control: private enables caching only on the machine on which the user is working (creates risk on shared machines)

XSS Cookie Sniffing
Vulnerabilities
– Web application is vulnerable to XSS attacks
Possible Attacks
• Session Prediction
– Guess a token and connect to the website as a legitimate user
– Token tampering: possible if the token is predictable
– Brute force attack

• Vulnerabilities
– Too long an idle time
– Flawed or weak implementation of session termination
Possible Attacks
• Session Fixation
Attacker fixes the token before the victim’s authentication
– 3 steps in the attack
i. Session setup. The attacker creates a session on the server (a "trap session") and receives or creates the token.
ii. Session fixation. The attacker introduces the token into the victim's browser.
iii. Session entrance. The attacker waits for the user to enter the session, at which time the attacker can also enter.
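As an added example (not from the slides), a minimal in-memory session store in Python that applies the mitigations implied by the Session Handling and Session Fixation slides: random tokens not derived from user data, idle-timeout eviction, token rotation at login, and the cookie flags and cache directives listed above. The store, the timeout value, the cookie name and the header set are assumptions for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 900  # idle timeout in seconds: a constructed value for the example

def new_token():
    # Random token: nothing is derived from username or email, so it can be
    # neither reversed nor predicted from user information.
    return secrets.token_urlsafe(32)

class SessionStore:
    """In-memory session store (hypothetical, not from the slides)."""

    def __init__(self, clock=time.time):
        self._clock = clock    # injectable so the timeout can be tested
        self._sessions = {}    # token -> {"user": ..., "last_seen": ...}

    def create(self):
        """Anonymous session handed out before authentication."""
        token = new_token()
        self._sessions[token] = {"user": None, "last_seen": self._clock()}
        return token

    def lookup(self, token):
        """Return the session, or None if unknown or idle past the timeout."""
        sess = self._sessions.get(token)
        if sess is None:
            return None
        if self._clock() - sess["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]  # timed-out token can no longer be reused
            return None
        sess["last_seen"] = self._clock()
        return sess

    def authenticate(self, token, user):
        """Login: discard the pre-auth token and issue a fresh one, so a token an
        attacker fixed in the victim's browser never becomes authenticated."""
        self._sessions.pop(token, None)
        fresh = new_token()
        self._sessions[fresh] = {"user": user, "last_seen": self._clock()}
        return fresh

def session_cookie_headers(token):
    """Secure/HttpOnly cookie plus the cache directives from the slide
    (no-store added so neither browser nor proxy keeps a copy)."""
    return {
        "Set-Cookie": f"SESSIONID={token}; Secure; HttpOnly; SameSite=Strict; Path=/",
        "Cache-Control": "no-store, no-cache, max-age=0",
        "Expires": "0",
    }
```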
• CSRF (Cross-Site Request Forgery)
• Aims to accomplish specific actions instead of obtaining session control
